diff --git a/.gitignore b/.gitignore index 87b4cda..d7a10c4 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ /authselect-0.3.2.tar.gz /authselect-0.4.tar.gz /authselect-1.0.tar.gz +/authselect-1.0.1.tar.gz diff --git a/0001-lib-fix-profile-origin-debug-message.patch b/0001-lib-fix-profile-origin-debug-message.patch deleted file mode 100644 index 7eb09dd..0000000 --- a/0001-lib-fix-profile-origin-debug-message.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 607235797f0503178f81b5a2074803fdddd84071 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Tue, 4 Sep 2018 12:33:21 +0200 -Subject: [PATCH 1/7] lib: fix profile origin debug message - -Previously, we failed to match the location and always print that -the selected profile is a default profile. ---- - src/lib/profiles/read.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/lib/profiles/read.c b/src/lib/profiles/read.c -index 002329090cec29eee7969a5f04634ba1bb214a4c..a3a3e62788a3b3ae493a22a8b8e10170d572fc6f 100644 ---- a/src/lib/profiles/read.c -+++ b/src/lib/profiles/read.c -@@ -125,9 +125,9 @@ authselect_profile_open(const char *id, - return ret; - } - -- if (strcmp(location, DIR_CUSTOM_PROFILES) == 0) { -+ if (strcmp(locations[i], DIR_CUSTOM_PROFILES) == 0) { - INFO("Profile [%s] is a custom profile", id); -- } else if (strcmp(location, DIR_VENDOR_PROFILES) == 0) { -+ } else if (strcmp(locations[i], DIR_VENDOR_PROFILES) == 0) { - INFO("Profile [%s] is a vendor profile", id); - } else { - INFO("Profile [%s] is a default profile", id); --- -2.17.1 diff --git a/0002-man-remove-duplicate-of-with-pamaccess.patch b/0002-man-remove-duplicate-of-with-pamaccess.patch deleted file mode 100644 index 88dfee3..0000000 --- a/0002-man-remove-duplicate-of-with-pamaccess.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 3b6ba3c895dfc7a3c6b3fa43d2c76070e45b0d94 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Tue, 4 Sep 2018 12:39:16 +0200 -Subject: [PATCH 2/7] man: remove duplicate of with-pamaccess - ---- - src/man/authselect-migration.7.adoc | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/src/man/authselect-migration.7.adoc b/src/man/authselect-migration.7.adoc -index 47544a53efd70b55a75d68d5bcbf3c89f875d7e7..35ba484d576ab8a3d923a124f6b1577085deedd4 100644 ---- a/src/man/authselect-migration.7.adoc -+++ b/src/man/authselect-migration.7.adoc -@@ -85,7 +85,6 @@ configuration file for required services. - |--enablefaillock |with-faillock - |--enablepamaccess |with-pamaccess - |--enablewinbindkrb5 |with-krb5 --|--enablepamaccess |with-pamaccess - |================================================== - - .Examples --- -2.17.1 diff --git a/0003-spec-do-not-print-any-output-when-enabling-with-sudo.patch b/0003-spec-do-not-print-any-output-when-enabling-with-sudo.patch deleted file mode 100644 index 82d465f..0000000 --- a/0003-spec-do-not-print-any-output-when-enabling-with-sudo.patch +++ /dev/null @@ -1,27 +0,0 @@ -From dd0b2a5b4293ac5a46c1ecf64b2716d210ade1ee Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Tue, 4 Sep 2018 14:13:49 +0200 -Subject: [PATCH 3/7] spec: do not print any output when enabling with-sudo - ---- - rpm/authselect.spec.in | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in -index c1de3107b099bab05284f65a4f6712fac41297da..70af91e16c72478e5e5bba0b4f59df86b66fb99f 100644 ---- a/rpm/authselect.spec.in -+++ b/rpm/authselect.spec.in -@@ -210,9 +210,9 @@ if [ $? -eq 0 ]; then - - if [ $PROFILE == "sssd" ] ; then - if grep -E "services[[:blank:]]*=[[:blank:]]*.*sudo" /etc/sssd/sssd.conf &> /dev/null ; then -- %{_bindir}/authselect enable-feature with-sudo -+ %{_bindir}/authselect enable-feature with-sudo &> /dev/null - elif systemctl is-active sssd-sudo.service sssd-sudo.socket --quiet || systemctl is-enabled sssd-sudo.socket --quiet ; then -- %{_bindir}/authselect enable-feature with-sudo -+ %{_bindir}/authselect enable-feature with-sudo &> /dev/null - fi - fi - fi --- -2.17.1 diff --git a/0004-Don-t-write-options-without-value-to-pwquality-conf-.patch b/0004-Don-t-write-options-without-value-to-pwquality-conf-.patch deleted file mode 100644 index e76d95c..0000000 --- a/0004-Don-t-write-options-without-value-to-pwquality-conf-.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 748e7672134545c5c66fab180c983edbd8d7a106 Mon Sep 17 00:00:00 2001 -From: Adam Williamson -Date: Tue, 28 Aug 2018 11:49:35 -0700 -Subject: [PATCH 4/7] Don't write options without value to pwquality conf - (#1618865) - -Per https://bugzilla.redhat.com/show_bug.cgi?id=1618865 , it is -incorrect to write lines like this in a pwquality config file: - -minlen= -minclass= -maxrepeat= -maxclassrepeat= - -There should either be an actual integer value, or the line -should be omitted entirely. Including the option with no value -is wrong and breaks pwquality. This should fix the problem by -only writing the lines if the option is actually set. - -Signed-off-by: Adam Williamson ---- - src/compat/authcompat.py.in.in | 11 +++++++---- - 1 file changed, 7 insertions(+), 4 deletions(-) - -diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in -index abe1e585954ccd5ac555339f23c175e941c76ea3..1b4f531b021c1e2e8fd99bd081094da365c0c64e 100755 ---- a/src/compat/authcompat.py.in.in -+++ b/src/compat/authcompat.py.in.in -@@ -319,10 +319,13 @@ class Configuration: - def write(self): - config = EnvironmentFile(Path.System('pwquality.conf')) - -- config.set("minlen", self.get("passminlen")) -- config.set("minclass", self.get("passminclass")) -- config.set("maxrepeat", self.get("passmaxrepeat")) -- config.set("maxclassrepeat", self.get("passmaxclassrepeat")) -+ # for each if these options, we want to write a line to the config -+ # *only if* it is set to an actual value, see -+ # https://bugzilla.redhat.com/show_bug.cgi?id=1618865 -+ for pwval in ["minlen", "minclass", "maxrepeat", "maxclassrepeat"]: -+ if self.isset("pass{0}".format(pwval)): -+ config.set(pwval, self.get("pass{0}".format(pwval))) -+ - config.set("lcredit", self.getBoolAsValue("reqlower", -1, 0)) - config.set("ucredit", self.getBoolAsValue("requpper", -1, 0)) - config.set("dcredit", self.getBoolAsValue("reqdigit", -1, 0)) --- -2.17.1 - diff --git a/0005-compat-write-only-options-set-on-command-line-to-pwq.patch b/0005-compat-write-only-options-set-on-command-line-to-pwq.patch deleted file mode 100644 index 77b302d..0000000 --- a/0005-compat-write-only-options-set-on-command-line-to-pwq.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 65c081520d2192602ecffb31a06f96e577ed3998 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Tue, 4 Sep 2018 11:36:43 +0200 -Subject: [PATCH 5/7] compat: write only options set on command line to - pwquality.conf - -This will not overwrite pwquality.conf if for exapmle "authconfig --update" -is called. Without this patch the values would get overriden with empty -values. ---- - src/compat/authcompat.py.in.in | 36 ++++++++++++++++++++++------------ - 1 file changed, 24 insertions(+), 12 deletions(-) - -diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in -index 1b4f531b021c1e2e8fd99bd081094da365c0c64e..4fa9a6afc1d62aa9dde41b525d473168e6dc2901 100755 ---- a/src/compat/authcompat.py.in.in -+++ b/src/compat/authcompat.py.in.in -@@ -166,7 +166,10 @@ class Configuration: - def getBool(self, name): - return self.options.getBool(name) - -- def getBoolAsValue(self, name, if_true, if_false): -+ def getBoolAsValue(self, name, if_true, if_false, AllowNone=False): -+ if AllowNone and not self.isset(name): -+ return None -+ - value = self.getBool(name) - if value: - return if_true -@@ -318,19 +321,28 @@ class Configuration: - - def write(self): - config = EnvironmentFile(Path.System('pwquality.conf')) -+ value_set = False - -- # for each if these options, we want to write a line to the config -- # *only if* it is set to an actual value, see -- # https://bugzilla.redhat.com/show_bug.cgi?id=1618865 -- for pwval in ["minlen", "minclass", "maxrepeat", "maxclassrepeat"]: -- if self.isset("pass{0}".format(pwval)): -- config.set(pwval, self.get("pass{0}".format(pwval))) -+ pwopts = { -+ "minlen" : self.get("passminlen"), -+ "minclass" : self.get("passminclass"), -+ "maxrepeat" : self.get("passmaxrepeat"), -+ "maxclassrepeat" : self.get("passmaxclassrepeat"), -+ "lcredit" : self.getBoolAsValue("reqlower", -1, 0, AllowNone=True), -+ "ucredit" : self.getBoolAsValue("requpper", -1, 0, AllowNone=True), -+ "dcredit" : self.getBoolAsValue("reqdigit", -1, 0, AllowNone=True), -+ "ocredit" : self.getBoolAsValue("reqother", -1, 0, AllowNone=True) -+ } - -- config.set("lcredit", self.getBoolAsValue("reqlower", -1, 0)) -- config.set("ucredit", self.getBoolAsValue("requpper", -1, 0)) -- config.set("dcredit", self.getBoolAsValue("reqdigit", -1, 0)) -- config.set("ocredit", self.getBoolAsValue("reqother", -1, 0)) -- config.write() -+ # Write options only if their are actually set -+ for opt, value in pwopts.items(): -+ if value is not None: -+ print(opt + "=" + str(value)) -+ config.set(opt, value) -+ value_set = True -+ -+ if value_set: -+ config.write() - - class MakeHomedir(Base): - def __init__(self, options): --- -2.17.1 diff --git a/0006-compat-fix-regular-expression-for-environment-files.patch b/0006-compat-fix-regular-expression-for-environment-files.patch deleted file mode 100644 index 7b8650c..0000000 --- a/0006-compat-fix-regular-expression-for-environment-files.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 7c37960dbf378dc1041c1d635629d509c48bae20 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Tue, 4 Sep 2018 11:38:38 +0200 -Subject: [PATCH 6/7] compat: fix regular expression for environment files - -Any word character (\w) was not enough as it does not accept e.g. '-'. -Therefore line like 'ocredit=-1' was incorrectly parse returning only -'1' as value instead of '-1'. ---- - src/compat/authcompat_EnvironmentFile.py | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/compat/authcompat_EnvironmentFile.py b/src/compat/authcompat_EnvironmentFile.py -index 529497e61903b3fb89f560b8e0ac0bb38111b46a..5738c6cafaf75109a5c1dbb9d3f040686a4945e1 100644 ---- a/src/compat/authcompat_EnvironmentFile.py -+++ b/src/compat/authcompat_EnvironmentFile.py -@@ -34,9 +34,9 @@ class EnvironmentFile: - self.environment = [] - - delimiter_re = delimiter_re if delimiter_re is not None else delimiter -- self.pattern = re.compile('^(\s*)(\S*)([^\n\w]*)(' + -+ self.pattern = re.compile('^(\s*)(\S*)([^\n\S]*)(' + - delimiter_re + -- ')([^\n\w]*)(.*)$', -+ ')([^\n\S]*)(.*)$', - re.MULTILINE) - - self.read() --- -2.17.1 diff --git a/0007-spec-fix-invalid-options-in-pwquality.conf-generated.patch b/0007-spec-fix-invalid-options-in-pwquality.conf-generated.patch deleted file mode 100644 index e8f61e4..0000000 --- a/0007-spec-fix-invalid-options-in-pwquality.conf-generated.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 81de5acd2ce27592b724ab564ed3ade6ed3d68eb Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Tue, 4 Sep 2018 11:51:20 +0200 -Subject: [PATCH 7/7] spec: fix invalid options in pwquality.conf generated by - compat tool - ---- - rpm/authselect.spec.in | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in -index 70af91e16c72478e5e5bba0b4f59df86b66fb99f..6887d1d16724412de8abfd5b872e5ecfc93e5ba5 100644 ---- a/rpm/authselect.spec.in -+++ b/rpm/authselect.spec.in -@@ -219,6 +219,14 @@ fi - - exit 0 - -+%posttrans compat -+# Fix for RHBZ#1618865 -+# Remove invalid lines from pwquality.conf generated by authconfig compat tool -+# - previous version could write some options without value, which is invalid -+# - we delete all options without value from existing file -+sed -i -E '/^\w+=$/d' %{_sysconfdir}/security/pwquality.conf.d/10-authconfig-pwquality.conf &> /dev/null -+exit 0 -+ - %changelog - * Thu Feb 22 2018 Pavel Březina - @PACKAGE_VERSION@-@RELEASE_NUMBER@ - - Do not use change log for rpm generated from source --- -2.17.1 diff --git a/authselect.spec b/authselect.spec index 2bb28ad..fdbea83 100644 --- a/authselect.spec +++ b/authselect.spec @@ -1,20 +1,12 @@ Name: authselect -Version: 1.0 -Release: 3%{?dist} +Version: 1.0.1 +Release: 1%{?dist} Summary: Configures authentication and identity sources from supported profiles URL: https://github.com/pbrezina/authselect License: GPLv3+ Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz -Patch0001: 0001-lib-fix-profile-origin-debug-message.patch -Patch0002: 0002-man-remove-duplicate-of-with-pamaccess.patch -Patch0003: 0003-spec-do-not-print-any-output-when-enabling-with-sudo.patch -Patch0004: 0004-Don-t-write-options-without-value-to-pwquality-conf-.patch -Patch0005: 0005-compat-write-only-options-set-on-command-line-to-pwq.patch -Patch0006: 0006-compat-fix-regular-expression-for-environment-files.patch -Patch0007: 0007-spec-fix-invalid-options-in-pwquality.conf-generated.patch - BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool @@ -43,6 +35,13 @@ supported by authselect. %package libs Summary: Utility library used by the authselect tool +# Required by scriptlets +Requires: coreutils +Requires: findutils +Requires: gawk +Requires: grep +Requires: sed +Requires: systemctl %description libs Common library files for authselect. This package is used by the authselect @@ -50,11 +49,7 @@ command line tool and any other potential front-ends. %package compat Summary: Tool to provide minimum backwards compatibility with authconfig -%if 0%{?fedora} && 0%{?fedora} <= 27 -Conflicts: authconfig -%else Obsoletes: authconfig < 7.0.1-6 -%endif Provides: authconfig BuildRequires: python3-devel Requires: authselect%{?_isa} = %{version}-%{release} @@ -62,6 +57,8 @@ Suggests: sssd Suggests: realmd Suggests: samba-winbind Suggests: oddjob-mkhomedir +# Required by scriptlets +Requires: sed %description compat This package will replace %{_sbindir}/authconfig with a tool that will @@ -87,7 +84,7 @@ done %build autoreconf -if -%configure +%configure --with-pythonbin="%{__python3}" %make_build %check @@ -215,7 +212,7 @@ fi %{_bindir}/authselect apply-changes &> /dev/null # Enable with-sudo feature if sssd-sudo responder is enabled. RHBZ#1582111 -CURRENT=`%{_bindir}/authselect current --raw` +CURRENT=`%{_bindir}/authselect current --raw 2> /dev/null` if [ $? -eq 0 ]; then PROFILE=`echo $CURRENT | awk '{print $1;}'` @@ -239,6 +236,9 @@ sed -i -E '/^\w+=$/d' %{_sysconfdir}/security/pwquality.conf.d/10-authconfig-pwq exit 0 %changelog +* Thu Sep 27 2018 Pavel Březina - 1.0.1-1 +- Rebase to 1.0.1 + * Fri Sep 14 2018 Pavel Březina - 1.0-3 - Scriptlets should no produce any error messages (RHBZ #1622272) - Provide fix for pwquality configuration (RHBZ #1618865) diff --git a/sources b/sources index da2bf8c..1a347d4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (authselect-1.0.tar.gz) = d5463a1b854d9c18bd687a43d3c2822302f872d4b35c16b671d22aec78131f99ab08c96184e50778cea322bb04a1991b59f845dba55bb408634cb333bfb2d2fc +SHA512 (authselect-1.0.1.tar.gz) = 571202ff45b712111415c5c874297e7700c255d965b7198ef245881e52a561d0f9abc1b8b1d53f40ebe15875fa6c4321264faacdb19f7ad5d0c600bdbc40bd40